6.2.1 What is NIST?

NIST is an acronym for the National Institute of Standards and Technology,
a division of the U.S. Department of Commerce. NIST was formerly known
as the National Bureau of Standards (NBS). Through its Computer Systems
Laboratory it aims to promote open systems and interoperability that will
spur the development of computer-based economic activity. NIST issues
standards and guidelines intended to be adopted in all computer systems
in the U.S., and also sponsors workshops and seminars. Official standards
are published as FIPS (Federal Information Processing Standards) publications.

In 1987 Congress passed the Computer Security Act, which authorized
NIST to develop standards for ensuring the security of sensitive but unclassified
information in government computer systems. It encouraged NIST to work
with other government agencies and private industry in evaluating proposed
computer security standards.

NIST issues standards for cryptographic algorithms that U.S. government
agencies are required to use. A large percentage of the private sector
often adopts them as well. In January 1977, NIST declared DES (see Section 3.2)
the official U.S. encryption standard and published it as FIPS 46; DES
soon became a de facto standard throughout the United States. NIST is
currently taking nominations for the Advanced Encryption Standard (AES),
which is to replace DES (see Section 3.3).
There is no definite deadline for the completion of the AES (see Question 3.3.3).

Several years ago, NIST was asked to choose a set of cryptographic standards
for the U.S.; this has become known as the Capstone project (see Question 6.2.3).
After a few years of rather secretive deliberations, NIST, in cooperation
with the NSA (see Question 6.2.2), issued
proposals for various standards in cryptography. The combination of these
proposals, including digital signatures (DSS, see Question 3.4.1)
and data encryption (the Clipper chip, see Question 6.2.4),
formed the Capstone project.

NIST has been criticized for allowing the NSA too much power in setting
cryptographic standards, since the interests of the NSA sometimes conflict
with those of the Commerce Department and NIST. Yet the NSA has much more
experience with cryptography, and many more qualified cryptographers and
cryptanalysts, than does NIST, so it is perhaps unrealistic to expect NIST
to forgo such readily available assistance.